Open richvdh opened 5 months ago
This is related to https://github.com/element-hq/element-web/issues/26322, in that both are about updating the private key in 4S without updating the public key.
@kegsay from what I've heard you took over progressing on the mentioned MSC recently. I see it's already been implemented in Synapse. What's the status? Can we get it done as a fix for this case?
@pmaier1 to be clear: whilst MSC3967 might help with this, it's not a complete fix. The key upload can fail for plenty of other reasons that are not related to UIA.
@pmaier1 No, the fix I'm applying does not seem to apply here. My change improves robustness when on poor networks, which does not appear to be the case here. This particular issue appears to be server misconfiguration.
> This particular issue appears to be server misconfiguration.
Just misconfiguration? So not an actual bug that needs fixing?
This issue is still a valid bug because:
The key upload can fail for plenty of other reasons that are not related to UIA.
Server misconfiguration can cause UIA errors, which is the root cause for the rageshakes we have received.
I have the same issue with 1.11.6x versions; downgrading to 1.11.5x resolved the issue.
When first logging in on a new account, we try to publish cross-signing keys (via `/device_keys/upload`). This process can fail, for example, if the homeserver is configured to use SSO auth. (Publishing the public keys requires user-interactive auth, which may fail. https://github.com/matrix-org/matrix-spec-proposals/pull/3967 is an attempt to help with that, but is as yet unstandardised. Edit 2024-06-11: It is now standardised, and https://github.com/element-hq/synapse/pull/17284 lands support for it in Synapse.)
If the process fails (either because the HS rejects it or the user gets bored of trying to do UIA), we show an error:
After that point, the application is fully-functional, and will even allow you to set up 4S and store the private cross-signing keys in 4S. The problem is that there is no further attempt to publish the public keys, so the account is now totally broken until the user resets cross-signing.
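A diagnostic for the broken state described in this issue, and for the mismatch case in the related issue, written as an added example that is not Element's or matrix-js-sdk's code. It assumes the master private key stored in 4S (`m.cross_signing.master`) is a base64 Ed25519 seed and that the server's `/keys/query` response carries the public key under `master_keys[userId].keys`; the function names and sample values are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// DER prefix of a PKCS#8 Ed25519 private key; the 32-byte seed follows it.
const PKCS8_ED25519_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");

// Matrix encodes keys as unpadded base64.
function unpaddedBase64(buf) {
  return buf.toString("base64").replace(/=+$/, "");
}

// Derive the Ed25519 public key (unpadded base64) from a base64 32-byte seed.
function publicKeyFromSeed(seedB64) {
  const seed = Buffer.from(seedB64, "base64");
  if (seed.length !== 32) throw new Error("expected a 32-byte Ed25519 seed");
  const priv = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]),
    format: "der",
    type: "pkcs8",
  });
  const spki = nodeCrypto.createPublicKey(priv).export({ format: "der", type: "spki" });
  return unpaddedBase64(spki.subarray(spki.length - 32)); // raw key is the last 32 bytes
}

// Hypothetical helper: compare the private key held in 4S with what the server has published.
//   "unpublished": private key exists but the public key never reached the server (this issue)
//   "mismatch":    private key in 4S does not correspond to the published public key
function crossSigningState(userId, seedB64, keysQuery) {
  const master = keysQuery.master_keys && keysQuery.master_keys[userId];
  const published = master ? Object.values(master.keys || {})[0] : undefined;
  if (!seedB64) return published ? "no-private-key" : "not-set-up";
  if (!published) return "unpublished";
  return publicKeyFromSeed(seedB64) === published ? "ok" : "mismatch";
}

// Constructed sample: RFC 8032 test vector 1 seed, and a server that never got the upload.
const SAMPLE_USER = "@alice:example.org";
const SAMPLE_SEED_B64 = Buffer.from(
  "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", "hex"
).toString("base64");

console.log(crossSigningState(SAMPLE_USER, SAMPLE_SEED_B64, { master_keys: {} }));
```
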